[***] Summary: [***]

59 new OPEN, 63 new PRO (59 + 4). ViperSoftX, PurpleFox and Others.

Thanks @birchb0y, @Securelist, tweedge

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

There will be no signature release on Monday, January 2, 2023 due to
New Year holiday observance.

[+++] Added rules: [+++]

Open:

2043102 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-schnellvpn .com) (malware.rules)
2043103 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-schnellvpn .com) (malware.rules)
2043104 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-service .com) (malware.rules)
2043105 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-blog .xyz) (malware.rules)
2043106 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-blog .com) (malware.rules)
2043107 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-chat .xyz) (malware.rules)
2043108 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-blog .com) (malware.rules)
2043109 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-blog .com) (malware.rules)
2043110 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-chat .com) (malware.rules)
2043111 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-schnellvpn .xyz) (malware.rules)
2043112 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-schnellvpn .com) (malware.rules)
2043113 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-endpoint .xyz) (malware.rules)
2043114 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-cdn .xyz) (malware.rules)
2043115 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-blog .xyz) (malware.rules)
2043116 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-endpoint .com) (malware.rules)
2043117 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-cdn .xyz) (malware.rules)
2043118 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-cdn .xyz) (malware.rules)
2043119 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-endpoint .com) (malware.rules)
2043120 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-schnellvpn .xyz) (malware.rules)
2043121 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-schnellvpn .xyz) (malware.rules)
2043122 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-chat .xyz) (malware.rules)
2043123 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-cdn .com) (malware.rules)
2043124 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-blog .xyz) (malware.rules)
2043125 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-schnellvpn .com) (malware.rules)
2043126 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-blog .com) (malware.rules)
2043127 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-endpoint .com) (malware.rules)
2043128 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-endpoint .xyz) (malware.rules)
2043129 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-endpoint .xyz) (malware.rules)
2043130 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-cdn .com) (malware.rules)
2043131 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-cdn .xyz) (malware.rules)
2043132 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-endpoint .com) (malware.rules)
2043133 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-chat .com) (malware.rules)
2043134 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-blog .xyz) (malware.rules)
2043135 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-endpoint .com) (malware.rules)
2043136 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-blog .com) (malware.rules)
2043137 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-cdn .com) (malware.rules)
2043138 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-endpoint .xyz) (malware.rules)
2043139 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-cdn .com) (malware.rules)
2043140 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-schnellvpn .xyz) (malware.rules)
2043141 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-chat .xyz) (malware.rules)
2043142 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-chat .com) (malware.rules)
2043143 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-blog .xyz) (malware.rules)
2043144 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-chat .xyz) (malware.rules)
2043145 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-endpoint .xyz) (malware.rules)
2043146 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-cdn .com) (malware.rules)
2043147 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-schnellvpn .com) (malware.rules)
2043148 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-chat .com) (malware.rules)
2043149 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-cdn .xyz) (malware.rules)
2043150 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-chat .com) (malware.rules)
2043151 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-schnellvpn .xyz) (malware.rules)
2043152 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-chat .xyz) (malware.rules)
2043153 - ET MALWARE ViperSoftX HTTP CnC Activity (malware.rules)
2043154 - ET MALWARE TA444 Domain in DNS Lookup (hoststudio .org) (malware.rules)
2043155 - ET MALWARE TA444 Domain in DNS Lookup (updatezone .org) (malware.rules)
2043156 - ET MALWARE TA444 Related Activity (POST) (malware.rules)
2043157 - ET MALWARE TA444 Related CnC Payload Request (malware.rules)
2043158 - ET MALWARE SocGholish Domain in DNS Lookup (canonical .fmunews .com) (malware.rules)
2043159 - ET MALWARE SocGholish Domain in DNS Lookup (kinematics .starmidwest .com) (malware.rules)
2043160 - ET MALWARE SocGholish Domain in DNS Lookup (passphrase .singinganewsong .com) (malware.rules)

Pro:

2852989 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-29 1) (coinminer.rules)
2852990 - ETPRO ATTACK_RESPONSE PowerShell Decoder Leading to .NET Reflection Inbound M1 (attack_response.rules)
2852991 - ETPRO MALWARE PurpleFox Backdoor/Rootkit Checkin M4 (malware.rules)
2852992 - ETPRO MALWARE Win32/Remcos RAT Checkin 856 (malware.rules)

[---] Disabled and modified rules: [---]

2809168 - ETPRO WEB_CLIENT Malformed MP4 Possible Adobe FlashPlayer CVE-2014-0553 (web_client.rules)
2820586 - ETPRO MALWARE Win32/TrojanDownloader.IndigoRose.R Checkin (malware.rules)